Hi,

Did you apply all of them in order?

It is not very helpful to only merge half the patchset.

Did you use pwclient?

-Michael

> On 1 Mar 2019, at 17:09, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
> 
> Hello Michael,
> 
> thanks for working on optimizing the suricata configuration file.
> 
> I've merged all of the patches except number "8" and "10" which does
> not apply with "git am".
> 
> When simple adding the changes with "patch" the changes can be applied
> - any idea why this happened?
> 
> Thanks in advance,
> 
> -Stefan 
>> I have worked on suricata's configuration.
>> 
>> My objective was to use more system resources (because suricata did
>> not use much RAM, etc.)
>> to make it faster and to be able to have some deeper decoding and
>> matching.
>> 
>> Please review these changes and let me know what you think.
>> 
>> All in all, suricata should not use more than 1G of RAM which I think
>> is a very good
>> amount. If your system is weaker than that, there is no point in
>> running an IPS.
>> 
>> On my system in my office, this runs with a hand full of rules
>> enabled from the
>> Emerging Threats Community set at around 110MB of RAM.
>> 
>> Michael Tremer (20):
>>  Revert "Suricata: detect DNS events on port 853, too"
>>  suricata: Set max-pending-packets to 1024
>>  suricata: Set default packet size to 1514
>>  suricata: Set detection profile to high
>>  suricata: Drop profiling section from configuration
>>  suricata: Drop some commented stuff from configuration
>>  suricata: Drop sections that require Rust
>>  suricata: Configure HTTP decoder
>>  suricata: Allow 32MB of RAM for DNS decoding
>>  suricata: Drop parsers I have never heard of
>>  suricata: We do not use any IP reputation lists
>>  suricata: Log to syslog
>>  suricata: Use the correct path for the magic database
>>  suricata: Use 64MB of RAM for defragmentation
>>  suricata: Use up to 256MB of RAM for the flow cache
>>  suricata: Log to syslog like a normal process
>>  suricata: Increase memory size for the stream engine
>>  suricata: Disable decoding for Teredo
>>  suricata: Start capture first and then load rules
>>  suricata: Fix syntax error
>> 
>> config/etc/syslog.conf        |   2 +-
>> config/suricata/suricata.yaml | 282 +++++---------------------------
>> ----------
>> 2 files changed, 30 insertions(+), 254 deletions(-)
>>